VNC via SSH stopped working

kapibara

Do you guys have any idea why VNC stopped working after setting up SSH for authenticating with keys only?

I use Debian 10 and tightvnc server with tigervnc client. It has worked nicely until now.

Here's what I get when trying to establish the SSH tunnel:

ssh -L 5901:localhost:5901 [email protected]
bind [127.0.0.1]:5901: Address already in use
channel_setup_fwd_listener_tcpip: cannot listen to port: 5901
Could not request local forwarding.

I find this in the log after attempting to connect with TigerVNC Client:

/var/log/auth.log
Oct 7 06:24:17 pokip sshd[4686]: error: connect_to localhost port 5901: failed.

channel 3: open failed: connect failed: Connection refused

Another thing I did before it stopped working was to create a pair of keys on my wife's computer and VNC into the server from there to my usual sudo account on the server. Worked! Then I went back to my own computer and could not do VNC from there anymore. I can still SSH in with keys though.

EDIT: Restarted vncserver, but it still says 'already in use'. Now I noticed that VNC works if I connect without SSH. Serveraddress:5901 port works, just not with SSH for some reason?
 


Hello,

ssh -L 5901:localhost:5901 [email protected]

What this command does is listen on port 5901 on your local machine, then connect to [email protected] through SSL; then, when you make a connection to your local machine on port 5901, it opens a connection on pokip.se to localhost on port 5901.

bind [127.0.0.1]:5901: Address already in use

It means there is already something listening on your local 5901 port. Did you also set up a VNC server on your local machine?

Type the following command on your local machine to figure out what is using the 5901 port:

Code:
sudo ss -ltp

Now I noticed that VNC works if I connect without SSH. Serveraddress:5901 port works, just not with SSH for some reason?

You should use iptables to prevent direct connection to your VNC server. I wouldn't trust VNC to handle security features.
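
The two checks discussed in this reply (what holds local port 5901, and whether the VNC server is reachable without the tunnel) can be scripted over `ss` output. This is an added example, not part of the original thread: the function names are hypothetical, both `ss` listings are constructed samples, and `-n` is added to the `ss` flags so ports print numerically.

```shell
#!/bin/sh
# Constructed sample: client with a leftover ssh tunnel still bound to 5901.
CLIENT_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    127.0.0.1:5901     0.0.0.0:*         users:(("ssh",pid=4321,fd=5))
LISTEN 0      128    [::1]:5901         [::]:*            users:(("ssh",pid=4321,fd=4))'

# Constructed sample: server whose VNC display listens on every interface.
SERVER_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=612,fd=3))
LISTEN 0      5      0.0.0.0:5901       0.0.0.0:*         users:(("Xtightvnc",pid=977,fd=0))'

# audit_port PORT: read `ss -ltnp` text on stdin and print one line per
# listener on PORT as "<scope> <address> <process>" (scope: loopback|exposed).
audit_port() {
    awk -v port="$1" '
    $1 == "LISTEN" {
        n = split($4, parts, ":")            # text after the last ":" is the port
        if (parts[n] != port) next
        addr = substr($4, 1, length($4) - length(parts[n]) - 1)
        scope = (addr ~ /^127\./ || addr == "[::1]") ? "loopback" : "exposed"
        proc = "unknown"                     # ss hides the owner without root
        if (match($0, /\(\("[^"]+"/)) proc = substr($0, RSTART + 3, RLENGTH - 4)
        print scope, addr, proc
    }'
}

# Succeeds when nothing listens on PORT, i.e. `ssh -L PORT:...` could bind it.
local_port_free() { [ -z "$(audit_port "$1")" ]; }

# Succeeds when a listener on PORT accepts connections from other hosts.
port_exposed() { audit_port "$1" | grep -q '^exposed '; }

# Demo on the constructed samples. Live use: sudo ss -ltnp | audit_port 5901
echo "client:"; printf '%s\n' "$CLIENT_SS" | audit_port 5901
echo "server:"; printf '%s\n' "$SERVER_SS" | audit_port 5901
if printf '%s\n' "$SERVER_SS" | port_exposed 5901; then
    # One iptables rule matching the advice above (drop non-loopback traffic):
    echo "fix: iptables -A INPUT ! -i lo -p tcp --dport 5901 -j DROP"
fi
```

An `ssh` process reported as the loopback owner on the client means an earlier tunnel is still running and holding the port.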
 
